Oyku, can you send that e-mail to alex@kel-tek.com I am running Posfix/Amavis with AVP. We'll see if it is an antivirus or amavis problem, because I used amavis/AVP on Sendmail for 2 years (it caught on average 2 viruses per day) and never I had a virus breach the system. On Wednesday 20 March 2002 08:26, Oyku Gencay wrote:
Hi,
I'm receiving a mail virus from a hotmail account. The message passes through amavis-postfix with antivir. The mail contains "HappyWorm". When I forward the mail, it does not pass through the mail server and antivir can detect the virus. Tracking down the problem I found out the following oddity ? When amavis decodes the mail, it creates the following file. msg-20298-4.txt The content is base64 encoded and starts as
Content-Type: application/octet-stream; name=query[1].htm Content-Transfer-Encoding: base64 Content-ID:
PasdASDasdSDQWEASdaseRQDSAdCeTLs...... and continues.
When I decode this part with mimencode -u, it's plain html file with worm code in it. antivir can detect the virus in the htm file but amavis does not decode and scan the file.
Is there anything I'm missing? Other than this, everything works fine with amavis-postfix and antivir. I also tried f-prot but it didn't recognize the encoded file either.
Does anyone know why amavis is not decoding the mime part?
I'm using amavis-postfix, postfix from the suse 7.3 CD's and antivir (latest)
Regards, Oyku Gencay
BTW I tried to scan the encoded file with Norton Antivirus (Win) and it recognized it's encoded and found the virus.
-- Alex Levit Senior Network Engineer Kel-Tek Inc. TEL: 626-571-6927 FAX: 626-571-8794 'Alex@kel-tek.com'